SSO Using Azure ENTERPRISE
This page explains how to configure Azure and then configure Styra.
Azure Active Directory Configuration
Login to Azure.
Your Registered Applocated under Azure Active Directory >> App registrations >> Display Name.
Record the [Application (client) ID].
Record the Directory (tenant) ID.
Navigate to Certificates & Secrets and create a new client secret. Record your secret value to use in your Styra SSO configuration later on.
Now, navigate to Redirect URIs >> Authentication and add the URI:
After you configure Azure, you must configure
<das-id>.styra.comwith your username and password.
Go to your Workspace, click Access Control >> Single Sign-On Providers and then click OpenID Connect >> + Add OpenID Connect Provider.
Enter the following details in the form.
Provider name: The name for your identity provider setting. For example,
Corporate Azure AD. This name will be visible for the users on the login page.
https://login.microsoftonline.com/YOUR_DIRECTORY_TENANT_ID/v2.0(Replace YOUR_DIRECTORY_TENANT_ID with the tenant ID recorded in Step 4
Client ID: Copy the Application Client ID value recorded in Step 3.
Client Secret: Copy the Client Secret value recorded in Step 5.
Allowed Domains: Type the allowed authentication domain(s) of your users. For example,
retail.acme.com. If the identity provider supports multiple domains, only users with these domains are allowed to access the service.
You can find your domain in your
Registered Appby selecting Branding on the left side menu. On the branding page, your URL will be present in the
Invited users only:
If enabled, the authenticated user must have a pre-existing account in the service.
If disabled, a new user account will be created just-in-time for any authenticated user, as long as the user's domain matches one of the allowed domains (and the identity provider has assigned this user to the Styra application).
Enabled: Set it to
If you have selected just-in-time provisioning for the users, then you can now logout from
<das-id>.styra.comand sign-in again through Azure. Azure is now displayed on the
<das-id>.styra.comlogin screen above the username and password.
Invite Users to Styra (Optional)
If you configured
<das-id>.styra.com to allow only invited users to login to the service, then you must create users on
<das-id>.styra.com. You can add or invite users through the following options:
- Using the CLI.
- Using the GUI.
- Any client calling the Styra CLI API.